<?php

/**
 * Implements the access control list (ACL) interface.
 */
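class Core_Api_Acl
{

    /**
     * Check whether the role of $subject is permitted to perform $action_id.
     *
     * The lookup is keyed on the subject's role ("role:" followed by the value
     * of getRoleId()), not on the individual user. The check is deny-by-default:
     * it returns true only when a matching row exists and its allow column
     * equals 1.
     *
     * @param string $action_id Action identifier, e.g. core.admin, user.upload.
     * @param User_Model_User|null $subject User whose role is checked; null
     *        (the default) means the current viewer from Nuo::getViewer().
     * @return bool True if the action is allowed, false if it is denied, if no
     *         ACL row matches, or if no subject object is available.
     */
    public function allow($action_id, $subject = null)
    {
        // Strict null check. A loose "== NULL" also matches false, 0, '' and [],
        // so a failed user lookup passed in by a caller would silently be
        // replaced by the current viewer and evaluated with that viewer's role.
        if ($subject === null)
        {
            $subject = Nuo::getViewer();
        }

        // Fail closed: without a subject object there is no role to look up, so
        // deny instead of raising a fatal error on the method call below.
        // NOTE(review): whether Nuo::getViewer() can return a non-object is not
        // visible here - confirm against its implementation.
        if (!is_object($subject))
        {
            return false;
        }

        $subject_id = 'role:' . $subject->getRoleId();

        $table = Nuo::getTable('core@acl');

        // Both values are handed to where() as placeholder arguments rather than
        // concatenated into the condition string.
        // NOTE(review): presumably the select object quotes/binds them - verify.
        $select = $table->select()
            ->where('object_id=?', $subject_id)
            ->where('action_id=?', $action_id);

        $row = $table->fetchRow($select);

        // Deny by default: only an existing row whose allow flag equals 1 grants
        // access. The loose comparison is kept on purpose because the column may
        // arrive as the string '1' depending on the database adapter.
        return is_object($row) && $row->allow == 1;
    }

}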
